1. 02 Aug, 2020 1 commit
  2. 20 Jan, 2020 1 commit
  3. 08 Jul, 2019 1 commit
    • Sascha Hauer's avatar
      ubifs: support offline signed images · 817aa094
      Sascha Hauer authored
      
      HMACs can only be generated on the system the UBIFS image is running on.
      To support offline signed images we add a PKCS#7 signature to the UBIFS
      image which can be created by mkfs.ubifs.
      
      Both the master node and the superblock need to be authenticated, during
      normal runtime both are protected with HMACs. For offline signature
      support however only a single signature is desired. We add a signature
      covering the superblock node directly behind it. To protect the master
      node a hash of the master node is added to the superblock which is used
      when the master node doesn't contain a HMAC.
      
      Transition to a read/write filesystem is also supported. During
      transition first the master node is rewritten with a HMAC (implicitly,
      it is written anyway as the FS is marked dirty). Afterwards the
      superblock is rewritten with a HMAC. Once after the image has been
      mounted read/write it is HMAC only, the signature is no longer required
      or even present on the filesystem.
      
      In an offline signed image the master node is authenticated by the
      superblock. In a transition to r/w we have to make sure that the master
      node is rewritten before the superblock node. In this case the master
      node gets a HMAC and its authenticity no longer depends on the
      superblock node. There are some cases in which the current code first
      writes the superblock node though, so with this patch writing of the
      superblock node is delayed until the master node is written.
      Signed-off-by: default avatarSascha Hauer <s.hauer@pengutronix.de>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      817aa094
  4. 05 Jun, 2019 1 commit
    • Thomas Gleixner's avatar
      treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 336 · 2b27bdcc
      Thomas Gleixner authored
      
      Based on 1 normalized pattern(s):
      
        this program is free software you can redistribute it and or modify
        it under the terms of the gnu general public license version 2 as
        published by the free software foundation this program is
        distributed in the hope that it will be useful but without any
        warranty without even the implied warranty of merchantability or
        fitness for a particular purpose see the gnu general public license
        for more details you should have received a copy of the gnu general
        public license along with this program if not write to the free
        software foundation inc 51 franklin st fifth floor boston ma 02110
        1301 usa
      
      extracted by the scancode license scanner the SPDX license identifier
      
        GPL-2.0-only
      
      has been chosen to replace the boilerplate/reference in 246 file(s).
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Reviewed-by: default avatarAlexios Zavras <alexios.zavras@intel.com>
      Reviewed-by: Allison Randal <allison@...
      2b27bdcc
  5. 15 May, 2019 1 commit
  6. 07 May, 2019 3 commits
  7. 24 Jan, 2019 1 commit
  8. 23 Oct, 2018 12 commits
    • Sascha Hauer's avatar
      ubifs: Do not update inode size in-place in authenticated mode · 1e76592f
      Sascha Hauer authored
      
      In authenticated mode we cannot fixup the inode sizes in-place
      during recovery as this would invalidate the hashes and HMACs
      we stored for this inode.
      
      Instead, we just write the updated inodes to the journal. We can
      only do this after ubifs_rcvry_gc_commit() is done though, so for
      authenticated mode call ubifs_recover_size() after
      ubifs_rcvry_gc_commit() and not vice versa as normally done.
      
      Calling ubifs_recover_size() after ubifs_rcvry_gc_commit() has the
      drawback that after a commit the size fixup information is gone, so
      when a powercut happens while recovering from another powercut
      we may lose some data written right before the first powercut.
      This is why we only do this in authenticated mode and leave the
      behaviour for unauthenticated mode untouched.
      Signed-off-by: default avatarSascha Hauer <s.hauer@pengutronix.de>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      1e76592f
    • Sascha Hauer's avatar
      ubifs: Create hash for default LPT · b5b1f083
      Sascha Hauer authored
      
      During creation of the default filesystem on an empty flash the default
      LPT is created. With this patch a hash over the default LPT is
      calculated which can be added to the default filesystems master node.
      Signed-off-by: default avatarSascha Hauer <s.hauer@pengutronix.de>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      b5b1f083
    • Sascha Hauer's avatar
      ubfis: authentication: Authenticate master node · 625700cc
      Sascha Hauer authored
      
      The master node contains hashes over the root index node and the LPT.
      This patch adds a HMAC to authenticate the master node itself.
      Signed-off-by: default avatarSascha Hauer <s.hauer@pengutronix.de>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      625700cc
    • Sascha Hauer's avatar
      ubifs: authentication: Authenticate LPT · a1dc5814
      Sascha Hauer authored
      
      The LPT needs to be authenticated aswell. Since the LPT is only written
      during commit it is enough to authenticate the whole LPT with a single
      hash which is stored in the master node. Only the leaf nodes (pnodes)
      are hashed which makes the implementation much simpler than it would be
      to hash the complete LPT.
      Signed-off-by: default avatarSascha Hauer <s.hauer@pengutronix.de>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      a1dc5814
    • Sascha Hauer's avatar
      ubifs: Add authentication nodes to journal · 6a98bc46
      Sascha Hauer authored
      
      Nodes that are written to flash can only be authenticated through the
      index after the next commit. When a journal replay is necessary the
      nodes are not yet referenced by the index and thus can't be
      authenticated.
      
      This patch overcomes this situation by creating a hash over all nodes
      beginning from the commit start node over the reference node(s) and
      the buds themselves. From
      time to time we insert authentication nodes. Authentication nodes
      contain a HMAC from the current hash state, so that they can be
      used to authenticate a journal replay up to the point where the
      authentication node is. The hash is continued afterwards
      so that theoretically we would only have to check the HMAC of
      the last authentication node we find.
      
      Overall we get this picture:
      
      ,,,,,,,,
      ,......,...........................................
      ,. CS  ,               hash1.----.           hash2.----.
      ,.  |  ,                    .    |hmac            .    |hmac
      ,.  v  ,                    .    v                .    v
      ,.REF#0,-> bud -> bud -> bud.-> auth -> bud -> bud.-> auth ...
      ,..|...,...........................................
      ,  |   ,
      ,  |   ,,,,,,,,,,,,,,,
      .  |            hash3,----.
      ,  |                 ,    |hmac
      ,  v                 ,    v
      , REF#1 -> bud -> bud,-> auth ...
      ,,,|,,,,,,,,,,,,,,,,,,
         v
        REF#2 -> ...
         |
         V
        ...
      
      Note how hash3 covers CS, REF#0 and REF#1 so that it is not possible to
      exchange or skip any reference nodes. Unlike the picture suggests the
      auth nodes themselves are not hashed.
      
      With this it is possible for an offline attacker to cut each journal
      head or to drop the last reference node(s), but not to skip any journal
      heads or to reorder any operations.
      Signed-off-by: default avatarSascha Hauer <s.hauer@pengutronix.de>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      6a98bc46
    • Sascha Hauer's avatar
      ubifs: authentication: Add hashes to index nodes · 16a26b20
      Sascha Hauer authored
      
      With this patch the hashes over the index nodes stored in the tree node
      cache are written to flash and are checked when read back from flash.
      The hash of the root index node is stored in the master node.
      
      During journal replay the hashes are regenerated from the read nodes
      and stored in the tree node cache. This means the nodes must previously
      be authenticated by other means. This is done in a later patch.
      Signed-off-by: default avatarSascha Hauer <s.hauer@pengutronix.de>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      16a26b20
    • Sascha Hauer's avatar
      ubifs: Add hashes to the tree node cache · 823838a4
      Sascha Hauer authored
      
      As part of the UBIFS authentication support every branch in the index
      gets a hash covering the referenced node. To make that happen the tree
      node cache needs hashes over the nodes. This patch adds a hash argument
      to ubifs_tnc_add() and ubifs_tnc_add_nm(). The hashes are calculated
      from the callers of these functions which actually prepare the nodes.
      With this patch all the leaf nodes of the index tree get hashes, but
      currently nothing is done with these hashes, this is left for a later
      patch.
      Signed-off-by: default avatarSascha Hauer <s.hauer@pengutronix.de>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      823838a4
    • Sascha Hauer's avatar
      ubifs: Create functions to embed a HMAC in a node · a384b47e
      Sascha Hauer authored
      
      With authentication support some nodes (master node, super block node)
      get a HMAC embedded into them. This patch adds functions to prepare and
      write such a node.
      The difficulty is that besides the HMAC the nodes also have a CRC which
      must stay valid. This means we first have to initialize all fields in
      the node, then calculate the HMAC (not covering the CRC) and finally
      calculate the CRC.
      Signed-off-by: default avatarSascha Hauer <s.hauer@pengutronix.de>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      a384b47e
    • Sascha Hauer's avatar
      ubifs: Add helper functions for authentication support · 49525e5e
      Sascha Hauer authored
      
      This patch adds the various helper functions needed for authentication
      support. We need functions to hash nodes, to embed HMACs into a node and
      to compare hashes and HMACs. Most functions first check if this
      filesystem is authenticated and bail out early if not, which makes the
      functions safe to be called with disabled authentication.
      Signed-off-by: default avatarSascha Hauer <s.hauer@pengutronix.de>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      49525e5e
    • Sascha Hauer's avatar
      ubifs: Add separate functions to init/crc a node · dead9726
      Sascha Hauer authored
      
      When adding authentication support we will embed a HMAC into some
      nodes. To prepare these nodes we have to first initialize the nodes,
      then add a HMAC and finally add a CRC. To accomplish this add separate
      ubifs_init_node/ubifs_crc_node functions.
      Signed-off-by: default avatarSascha Hauer <s.hauer@pengutronix.de>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      dead9726
    • Sascha Hauer's avatar
      ubifs: Store read superblock node · fd615005
      Sascha Hauer authored
      
      The superblock node is read/modified/written several times throughout
      the UBIFS code. Instead of reading it from the device each time just
      keep a copy in memory and write back the modified copy when necessary.
      This patch helps for authentication support, here we not only have to
      read the superblock node, but also have to authenticate it, which
      is easier if we do it once during initialization.
      Signed-off-by: default avatarSascha Hauer <s.hauer@pengutronix.de>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      fd615005
    • Sascha Hauer's avatar
      ubifs: Export pnode_lookup as ubifs_pnode_lookup · 0e26b6e2
      Sascha Hauer authored
      
      ubifs_lpt_lookup could be implemented using pnode_lookup. To make that
      possible move pnode_lookup from lpt.c to lpt_commit.c. Rename it to
      ubifs_pnode_lookup since it's now exported.
      Signed-off-by: default avatarSascha Hauer <s.hauer@pengutronix.de>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      0e26b6e2
  9. 14 Aug, 2018 4 commits
  10. 07 Jun, 2018 1 commit
  11. 05 Jun, 2018 1 commit
    • Deepa Dinamani's avatar
      vfs: change inode times to use struct timespec64 · 95582b00
      Deepa Dinamani authored
      
      struct timespec is not y2038 safe. Transition vfs to use
      y2038 safe struct timespec64 instead.
      
      The change was made with the help of the following cocinelle
      script. This catches about 80% of the changes.
      All the header file and logic changes are included in the
      first 5 rules. The rest are trivial substitutions.
      I avoid changing any of the function signatures or any other
      filesystem specific data structures to keep the patch simple
      for review.
      
      The script can be a little shorter by combining different cases.
      But, this version was sufficient for my usecase.
      
      virtual patch
      
      @ depends on patch @
      identifier now;
      @@
      - struct timespec
      + struct timespec64
        current_time ( ... )
        {
      - struct timespec now = current_kernel_time();
      + struct timespec64 now = current_kernel_time64();
        ...
      - return timespec_trunc(
      + return timespec64_trunc(
        ... );
        }
      
      @ depends on patch @
      identifier xtime;
      @@
       struct \( iattr \| inode \| kstat \) {
       ...
      -       struct timespec xtime;
      +       struct timespec64 xtime;
       ...
       }
      
      @ depends on patch @
      identifier t;
      @@
       struct inode_operations {
       ...
      int (*update_time) (...,
      -       struct timespec t,
      +       struct timespec64 t,
      ...);
       ...
       }
      
      @ depends on patch @
      identifier t;
      identifier fn_update_time =~ "update_time$";
      @@
       fn_update_time (...,
      - struct timespec *t,
      + struct timespec64 *t,
       ...) { ... }
      
      @ depends on patch @
      identifier t;
      @@
      lease_get_mtime( ... ,
      - struct timespec *t
      + struct timespec64 *t
        ) { ... }
      
      @te depends on patch forall@
      identifier ts;
      local idexpression struct inode *inode_node;
      identifier i_xtime =~ "^i_[acm]time$";
      identifier ia_xtime =~ "^ia_[acm]time$";
      identifier fn_update_time =~ "update_time$";
      identifier fn;
      expression e, E3;
      local idexpression struct inode *node1;
      local idexpression struct inode *node2;
      local idexpression struct iattr *attr1;
      local idexpression struct iattr *attr2;
      local idexpression struct iattr attr;
      identifier i_xtime1 =~ "^i_[acm]time$";
      identifier i_xtime2 =~ "^i_[acm]time$";
      identifier ia_xtime1 =~ "^ia_[acm]time$";
      identifier ia_xtime2 =~ "^ia_[acm]time$";
      @@
      (
      (
      - struct timespec ts;
      + struct timespec64 ts;
      |
      - struct timespec ts = current_time(inode_node);
      + struct timespec64 ts = current_time(inode_node);
      )
      
      <+... when != ts
      (
      - timespec_equal(&inode_node->i_xtime, &ts)
      + timespec64_equal(&inode_node->i_xtime, &ts)
      |
      - timespec_equal(&ts, &inode_node->i_xtime)
      + timespec64_equal(&ts, &inode_node->i_xtime)
      |
      - timespec_compare(&inode_node->i_xtime, &ts)
      + timespec64_compare(&inode_node->i_xtime, &ts)
      |
      - timespec_compare(&ts, &inode_node->i_xtime)
      + timespec64_compare(&ts, &inode_node->i_xtime)
      |
      ts = current_time(e)
      |
      fn_update_time(..., &ts,...)
      |
      inode_node->i_xtime = ts
      |
      node1->i_xtime = ts
      |
      ts = inode_node->i_xtime
      |
      <+... attr1->ia_xtime ...+> = ts
      |
      ts = attr1->ia_xtime
      |
      ts.tv_sec
      |
      ts.tv_nsec
      |
      btrfs_set_stack_timespec_sec(..., ts.tv_sec)
      |
      btrfs_set_stack_timespec_nsec(..., ts.tv_nsec)
      |
      - ts = timespec64_to_timespec(
      + ts =
      ...
      -)
      |
      - ts = ktime_to_timespec(
      + ts = ktime_to_timespec64(
      ...)
      |
      - ts = E3
      + ts = timespec_to_timespec64(E3)
      |
      - ktime_get_real_ts(&ts)
      + ktime_get_real_ts64(&ts)
      |
      fn(...,
      - ts
      + timespec64_to_timespec(ts)
      ,...)
      )
      ...+>
      (
      <... when != ts
      - return ts;
      + return timespec64_to_timespec(ts);
      ...>
      )
      |
      - timespec_equal(&node1->i_xtime1, &node2->i_xtime2)
      + timespec64_equal(&node1->i_xtime2, &node2->i_xtime2)
      |
      - timespec_equal(&node1->i_xtime1, &attr2->ia_xtime2)
      + timespec64_equal(&node1->i_xtime2, &attr2->ia_xtime2)
      |
      - timespec_compare(&node1->i_xtime1, &node2->i_xtime2)
      + timespec64_compare(&node1->i_xtime1, &node2->i_xtime2)
      |
      node1->i_xtime1 =
      - timespec_trunc(attr1->ia_xtime1,
      + timespec64_trunc(attr1->ia_xtime1,
      ...)
      |
      - attr1->ia_xtime1 = timespec_trunc(attr2->ia_xtime2,
      + attr1->ia_xtime1 =  timespec64_trunc(attr2->ia_xtime2,
      ...)
      |
      - ktime_get_real_ts(&attr1->ia_xtime1)
      + ktime_get_real_ts64(&attr1->ia_xtime1)
      |
      - ktime_get_real_ts(&attr.ia_xtime1)
      + ktime_get_real_ts64(&attr.ia_xtime1)
      )
      
      @ depends on patch @
      struct inode *node;
      struct iattr *attr;
      identifier fn;
      identifier i_xtime =~ "^i_[acm]time$";
      identifier ia_xtime =~ "^ia_[acm]time$";
      expression e;
      @@
      (
      - fn(node->i_xtime);
      + fn(timespec64_to_timespec(node->i_xtime));
      |
       fn(...,
      - node->i_xtime);
      + timespec64_to_timespec(node->i_xtime));
      |
      - e = fn(attr->ia_xtime);
      + e = fn(timespec64_to_timespec(attr->ia_xtime));
      )
      
      @ depends on patch forall @
      struct inode *node;
      struct iattr *attr;
      identifier i_xtime =~ "^i_[acm]time$";
      identifier ia_xtime =~ "^ia_[acm]time$";
      identifier fn;
      @@
      {
      + struct timespec ts;
      <+...
      (
      + ts = timespec64_to_timespec(node->i_xtime);
      fn (...,
      - &node->i_xtime,
      + &ts,
      ...);
      |
      + ts = timespec64_to_timespec(attr->ia_xtime);
      fn (...,
      - &attr->ia_xtime,
      + &ts,
      ...);
      )
      ...+>
      }
      
      @ depends on patch forall @
      struct inode *node;
      struct iattr *attr;
      struct kstat *stat;
      identifier ia_xtime =~ "^ia_[acm]time$";
      identifier i_xtime =~ "^i_[acm]time$";
      identifier xtime =~ "^[acm]time$";
      identifier fn, ret;
      @@
      {
      + struct timespec ts;
      <+...
      (
      + ts = timespec64_to_timespec(node->i_xtime);
      ret = fn (...,
      - &node->i_xtime,
      + &ts,
      ...);
      |
      + ts = timespec64_to_timespec(node->i_xtime);
      ret = fn (...,
      - &node->i_xtime);
      + &ts);
      |
      + ts = timespec64_to_timespec(attr->ia_xtime);
      ret = fn (...,
      - &attr->ia_xtime,
      + &ts,
      ...);
      |
      + ts = timespec64_to_timespec(attr->ia_xtime);
      ret = fn (...,
      - &attr->ia_xtime);
      + &ts);
      |
      + ts = timespec64_to_timespec(stat->xtime);
      ret = fn (...,
      - &stat->xtime);
      + &ts);
      )
      ...+>
      }
      
      @ depends on patch @
      struct inode *node;
      struct inode *node2;
      identifier i_xtime1 =~ "^i_[acm]time$";
      identifier i_xtime2 =~ "^i_[acm]time$";
      identifier i_xtime3 =~ "^i_[acm]time$";
      struct iattr *attrp;
      struct iattr *attrp2;
      struct iattr attr ;
      identifier ia_xtime1 =~ "^ia_[acm]time$";
      identifier ia_xtime2 =~ "^ia_[acm]time$";
      struct kstat *stat;
      struct kstat stat1;
      struct timespec64 ts;
      identifier xtime =~ "^[acmb]time$";
      expression e;
      @@
      (
      ( node->i_xtime2 \| attrp->ia_xtime2 \| attr.ia_xtime2 \) = node->i_xtime1  ;
      |
       node->i_xtime2 = \( node2->i_xtime1 \| timespec64_trunc(...) \);
      |
       node->i_xtime2 = node->i_xtime1 = node->i_xtime3 = \(ts \| current_time(...) \);
      |
       node->i_xtime1 = node->i_xtime3 = \(ts \| current_time(...) \);
      |
       stat->xtime = node2->i_xtime1;
      |
       stat1.xtime = node2->i_xtime1;
      |
      ( node->i_xtime2 \| attrp->ia_xtime2 \) = attrp->ia_xtime1  ;
      |
      ( attrp->ia_xtime1 \| attr.ia_xtime1 \) = attrp2->ia_xtime2;
      |
      - e = node->i_xtime1;
      + e = timespec64_to_timespec( node->i_xtime1 );
      |
      - e = attrp->ia_xtime1;
      + e = timespec64_to_timespec( attrp->ia_xtime1 );
      |
      node->i_xtime1 = current_time(...);
      |
       node->i_xtime2 = node->i_xtime1 = node->i_xtime3 =
      - e;
      + timespec_to_timespec64(e);
      |
       node->i_xtime1 = node->i_xtime3 =
      - e;
      + timespec_to_timespec64(e);
      |
      - node->i_xtime1 = e;
      + node->i_xtime1 = timespec_to_timespec64(e);
      )
      Signed-off-by: default avatarDeepa Dinamani <deepa.kernel@gmail.com>
      Cc: <anton@tuxera.com>
      Cc: <balbi@kernel.org>
      Cc: <bfields@fieldses.org>
      Cc: <darrick.wong@oracle.com>
      Cc: <dhowells@redhat.com>
      Cc: <dsterba@suse.com>
      Cc: <dwmw2@infradead.org>
      Cc: <hch@lst.de>
      Cc: <hirofumi@mail.parknet.co.jp>
      Cc: <hubcap@omnibond.com>
      Cc: <jack@suse.com>
      Cc: <jaegeuk@kernel.org>
      Cc: <jaharkes@cs.cmu.edu>
      Cc: <jslaby@suse.com>
      Cc: <keescook@chromium.org>
      Cc: <mark@fasheh.com>
      Cc: <miklos@szeredi.hu>
      Cc: <nico@linaro.org>
      Cc: <reiserfs-devel@vger.kernel.org>
      Cc: <richard@nod.at>
      Cc: <sage@redhat.com>
      Cc: <sfrench@samba.org>
      Cc: <swhiteho@redhat.com>
      Cc: <tj@kernel.org>
      Cc: <trond.myklebust@primarydata.com>
      Cc: <tytso@mit.edu>
      Cc: <viro@zeniv.linux.org.uk>
      95582b00
  12. 27 Nov, 2017 1 commit
    • Linus Torvalds's avatar
      Rename superblock flags (MS_xyz -> SB_xyz) · 1751e8a6
      Linus Torvalds authored
      This is a pure automated search-and-replace of the internal kernel
      superblock flags.
      
      The s_flags are now called SB_*, with the names and the values for the
      moment mirroring the MS_* flags that they're equivalent to.
      
      Note how the MS_xyz flags are the ones passed to the mount system call,
      while the SB_xyz flags are what we then use in sb->s_flags.
      
      The script to do this was:
      
          # places to look in; re security/*: it generally should *not* be
          # touched (that stuff parses mount(2) arguments directly), but
          # there are two places where we really deal with superblock flags.
          FILES="drivers/mtd drivers/staging/lustre fs ipc mm \
                  include/linux/fs.h include/uapi/linux/bfs_fs.h \
                  security/apparmor/apparmorfs.c security/apparmor/include/lib.h"
          # the list of MS_... constants
          SYMS="RDONLY NOSUID NODEV NOEXEC SYNCHRONOUS REMOUNT MANDLOCK \
                DIRSYNC NOATIME NODIRATIME BIND MOVE REC VERBOSE SILENT \
                POSIXACL UNBIND...
      1751e8a6
  13. 18 Oct, 2017 2 commits
  14. 14 Jul, 2017 4 commits
    • Xiaolei Li's avatar
      ubifs: Massage assert in ubifs_xattr_set() wrt. init_xattrs · d8db5b1c
      Xiaolei Li authored
      
      The inode is not locked in init_xattrs when creating a new inode.
      
      Without this patch, there will occurs assert when booting or creating
      a new file, if the kernel config CONFIG_SECURITY_SMACK is enabled.
      
      Log likes:
      
      UBIFS assert failed in ubifs_xattr_set at 298 (pid 1156)
      CPU: 1 PID: 1156 Comm: ldconfig Tainted: G S 4.12.0-rc1-207440-g1e70b02 #2
      Hardware name: MediaTek MT2712 evaluation board (DT)
      Call trace:
      [<ffff000008088538>] dump_backtrace+0x0/0x238
      [<ffff000008088834>] show_stack+0x14/0x20
      [<ffff0000083d98d4>] dump_stack+0x9c/0xc0
      [<ffff00000835d524>] ubifs_xattr_set+0x374/0x5e0
      [<ffff00000835d7ec>] init_xattrs+0x5c/0xb8
      [<ffff000008385788>] security_inode_init_security+0x110/0x190
      [<ffff00000835e058>] ubifs_init_security+0x30/0x68
      [<ffff00000833ada0>] ubifs_mkdir+0x100/0x200
      [<ffff00000820669c>] vfs_mkdir+0x11c/0x1b8
      [<ffff00000820b73c>] SyS_mkdirat+0x74/0xd0
      [<ffff000008082f8c>] __sys_trace_return+0x0/0x4
      Signed-off-by: default avatarXiaolei Li <xiaolei.li@mediatek.com>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      d8db5b1c
    • Richard Weinberger's avatar
      ubifs: Fix unlink code wrt. double hash lookups · 781f675e
      Richard Weinberger authored
      When removing an encrypted file with a long name and without having
      the key we have to be able to locate and remove the directory entry
      via a double hash. This corner case was simply forgotten.
      
      Fixes: 528e3d17
      
       ("ubifs: Add full hash lookup support")
      Reported-by: default avatarDavid Oberhollenzer <david.oberhollenzer@sigma-star.at>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      781f675e
    • Richard Weinberger's avatar
      ubifs: Correctly evict xattr inodes · 272eda82
      Richard Weinberger authored
      UBIFS handles extended attributes just like files, as consequence of
      that, they also have inodes.
      Therefore UBIFS does all the inode machinery also for xattrs. Since new
      inodes have i_nlink of 1, a file or xattr inode will be evicted
      if i_nlink goes down to 0 after an unlink. UBIFS assumes this model also
      for xattrs, which is not correct.
      One can create a file "foo" with xattr "user.test". By reading
      "user.test" an inode will be created, and by deleting "user.test" it
      will get evicted later. The assumption breaks if the file "foo", which
      hosts the xattrs, will be removed. VFS nor UBIFS does not remove each
      xattr via ubifs_xattr_remove(), it just removes the host inode from
      the TNC and all underlying xattr nodes too and the inode will remain
      in the cache and wastes memory.
      
      To solve this problem, remove xattr inodes from the VFS inode cache in
      ubifs_xattr_remove() to make sure that they get evicted.
      
      Fixes: 1e51764a
      
       ("UBIFS: add new flash file system")
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      272eda82
    • Richard Weinberger's avatar
      ubifs: Unexport ubifs_inode_slab · e996bfd4
      Richard Weinberger authored
      
      This SLAB is only being used in super.c, there is no need to expose
      it into the global namespace.
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      e996bfd4
  15. 08 May, 2017 1 commit
  16. 20 Apr, 2017 1 commit
  17. 03 Mar, 2017 1 commit
    • David Howells's avatar
      statx: Add a system call to make enhanced file info available · a528d35e
      David Howells authored
      Add a system call to make extended file information available, including
      file creation and some attribute flags where available through the
      underlying filesystem.
      
      The getattr inode operation is altered to take two additional arguments: a
      u32 request_mask and an unsigned int flags that indicate the
      synchronisation mode.  This change is propagated to the vfs_getattr*()
      function.
      
      Functions like vfs_stat() are now inline wrappers around new functions
      vfs_statx() and vfs_statx_fd() to reduce stack usage.
      
      ========
      OVERVIEW
      ========
      
      The idea was initially proposed as a set of xattrs that could be retrieved
      with getxattr(), but the general preference proved to be for a new syscall
      with an extended stat structure.
      
      A number of requests were gathered for features to be included.  The
      following have been included:
      
       (1) Make the fields a consistent size on all arches and make them large.
      
       (2) Spare space, request flags and information flags are provi...
      a528d35e
  18. 08 Feb, 2017 1 commit
  19. 07 Feb, 2017 1 commit
    • Eric Biggers's avatar
      fscrypt: split supp and notsupp declarations into their own headers · 46f47e48
      Eric Biggers authored
      
      Previously, each filesystem configured without encryption support would
      define all the public fscrypt functions to their notsupp_* stubs.  This
      list of #defines had to be updated in every filesystem whenever a change
      was made to the public fscrypt functions.  To make things more
      maintainable now that we have three filesystems using fscrypt, split the
      old header fscrypto.h into several new headers.  fscrypt_supp.h contains
      the real declarations and is included by filesystems when configured
      with encryption support, whereas fscrypt_notsupp.h contains the inline
      stubs and is included by filesystems when configured without encryption
      support.  fscrypt_common.h contains common declarations needed by both.
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      46f47e48
  20. 13 Dec, 2016 1 commit